Shulou(Shulou.com)06/03 Report--

The test found that there is a problem with https tls hand error after one year of use of K3s, and it is not good to regenerate the certificate. K3s can only be reinstalled through source code compilation and repair.

Environment: ubuntu 16.04

Docker 18.06.3

Install git (default should already be installed. If not, please execute the following command)

Sudo apt install-y git

Second, clone source code, and switch branches (I am using v1.0.1 version here)

Git clone https://github.com/rancher/k3s.git

Cd k3s

Git checkout-b v1.0.1

Modify the part of the certificate in the source code

Mainly three files, modified as shown in the figure

1. The first file

Vendor/github.com/rancher/dynamiclistener/cert/cert.go

Although the official revision has been made for 100 years, it does not seem to say the effect.

two。 The second file, vendor/github.com/rancher/dynamiclistener/factory/cert_utils.go

3. The third file, scripts/version.sh, because the file sa value is checked, comment 4-7 lines

IV. Compile (make sure you can connect to the Internet, as it is compiled in docker)

1. Install make

Apt install-y make

two。 Execute make command directly. It takes a long time to compile. Please wait patiently.

3. Complete all the files in dist/artifacts

V. Verification

Reinstall K3s (please refer to K3s installation for installation). If you are using an official offline package, there is a small bug that needs to tag image.

Docker tag k8s.gcr.io/pause:3.1 rancher/pause:3.1

Results of verification

At this point, you can feel at ease to use it for 100 years, and you don't have to upgrade every year. Of course, it is recommended to upgrade once a year, just like the official one. After all, there are many loopholes.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.